Table of Contents
Wireshark is the world's most popular network protocol analyzer. It is used for troubleshooting, analysis, development, and education.
The following vulnerabilities have been fixed. See the security advisory for details and a workaround.
Florent Drouin and David Maciejak found that the Bluetooth ACL dissector could crash or abort. (Bug 1513)
Versions affected: 0.99.2 to 1.0.3
The Q.931 dissector could crash or abort. (Bug 2870)
Versions affected: 0.10.3 to 1.0.3
Wireshark could abort while reading Tamos CommView capture files. (Bug 2926)
Versions affected: 0.99.7 to 1.0.3
David Maciejak found that the USB dissector could crash or abort. This led to the discovery of a similar problem in the Bluetooth RFCOMM dissector. (Bug 2922)
Versions affected: 0.99.7 to 1.0.3
Vivek Gupta and David Maciejak found that the PRP and MATE dissectors could make Wireshark crash. (Neither PRP nor MATE are enabled by default.) (Bug 2549)
Versions affected: 0.99.2 to 1.0.3
The following bugs have been fixed:
Let MP2T call its subdissectors, even without tree (Bug 2627)
Wireless Toolbar not enabled (using AirPcap) if PCAP_REMOTE=1 (Bug 2685)
Failure to dissect long SASL wrapped LDAP response (Bug 2687)
Fix compiler warnings (Bug 2823)
Homeplug dissection bugs (Bug 2859)
Malformed Packet DCP ETSI error (Bug 2860)
Wrong size of selected_registrar in WPS dissector (Bug 2865)
Dissector assertion displaying cookies in DTLS frames (Bug 2876)
Missing field type in documentation (Bug 2889)
Wireshark -p switch seems to have no effect to PROMISCUOUS mode (Bug 2891)
Misspelled PPI error vector magnitude filter (Bug 2903)
Modbus Function 43 Encapsulated Interface Transport decoding (Bug 2917)
Crash when printing or exporting some protocol data (Bug 2934)
Crash when selecting "Export Selected Packet Bytes" (Bug 2964)
AFP, Bluetooth ACL, Bluetooth RFCOMM, DCP ETSI, DTLS, Homeplug, IEEE 802.11, IP, Modbus TCP, MP2T, NSIP, NCP, PPI, Q.931, SASL, SNMP, USB, WPS
Wireshark source code and installation packages are available from the download page on the main web site.
Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About->Folders to find the default locations on your system.
Wireshark may appear offscreen on multi-monitor Windows systems. (Bug 553)
Wireshark might make your system disassociate from a wireless network on OS X. (Bug 1315)
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)
The BER dissector might infinitely loop. (Bug 1516)
Wireshark can't dynamically update the packet list. This means that host name resolutions above a certain response time threshold won't show up in the packet list. (Bug 1605)
Capture filters aren't applied when capturing from named pipes. (Bug 1814)
Wireshark might freeze when reading from a pipe. (Bug 2082)
Capturing from named pipes might be delayed on Windows. (Bug 2200)
Filtering tshark captures with display filters (-R) no longer works. (Bug 2234)
Community support is available on the wireshark-users mailing list. Subscription information and archives for all of Wireshark's mailing lists can be found on the web site.
Commercial support and development services are available from CACE Technologies.
A complete FAQ is available on the Wireshark web site.
Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products.